HTML sanitizer

The HTML sanitizer works by checking the built-in white list for markup that you always want to
preserve. The sanitizer provides the HTMLSanitizerConfig script include that
administrators can use to modify the built-in white list. Items can also be added to the black
list, which overrides the white list, to remove HTML markup.

The following types of items can be added to white and black lists: global attributes and any
HTML elements.

Note: By default, URL attributes like href and src support only these protocols: http, https,
mailto, and data.

For example:

<a href="https://community.servicenow.com/welcome">Community</a>
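The precedence rule and the default protocol list described above, as an added JavaScript sketch (not ServiceNow's code and not the HTMLSanitizerConfig API). The list contents, the function names, and the choice to keep scheme-less relative URLs are assumptions made for illustration.

```javascript
// Added illustration: hypothetical names, not the HTMLSanitizerConfig API.
const DEFAULT_PROTOCOLS = ['http', 'https', 'mailto', 'data']; // defaults named in the note
const URL_ATTRIBUTES = ['href', 'src'];

// Constructed sample lists. 'img' and 'id' appear on both lists on purpose.
const whiteList = { elements: ['a', 'img', 'p'], globalAttributes: ['id', 'class', 'href', 'src'] };
const blackList = { elements: ['img'], globalAttributes: ['id'] };

// Return the lower-cased scheme of a URL value, or null when it has none.
function schemeOf(value) {
  // URL parsers drop tab/CR/LF and leading control characters or spaces,
  // so normalize the same way before looking for "scheme:".
  const cleaned = value.replace(/[\t\r\n]/g, '').replace(/^[\u0000-\u0020]+/, '');
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

function keepElement(tag) {
  const t = tag.toLowerCase();
  if (blackList.elements.includes(t)) return false; // black list overrides white list
  return whiteList.elements.includes(t);            // anything unlisted is removed
}

function keepAttribute(name, value) {
  const n = name.toLowerCase();
  if (blackList.globalAttributes.includes(n)) return false;
  if (!whiteList.globalAttributes.includes(n)) return false;
  if (URL_ATTRIBUTES.includes(n)) {
    const scheme = schemeOf(value);
    // Assumption: relative URLs (no scheme) are kept.
    return scheme === null || DEFAULT_PROTOCOLS.includes(scheme);
  }
  return true;
}

// Filter one already-parsed element; returns null when the element is removed.
function sanitizeElement(el) {
  if (!keepElement(el.tag)) return null;
  const attrs = {};
  for (const [k, v] of Object.entries(el.attrs)) {
    if (keepAttribute(k, v)) attrs[k.toLowerCase()] = v;
  }
  return { tag: el.tag.toLowerCase(), attrs };
}
```
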

Configure urlAttributes and the protocols

You can configure urlAttributes and their protocols in the
HTMLSanitizer script include. For example: